Saturday, May 7, 2022

Re: Custom user model password is not hashed

Hey Benjamin, can you please share your github repo for the same code. I'm also getting the same error in one of my project, can't figure out how to solve it.

On Friday, November 13, 2015 at 6:11:09 PM UTC+5:30 benjamin...@gmail.com wrote:
The problem was, when creating a custom user, one has to define a custom model form and model admin that handles the password properly. After that it was solved.

Thank you.

On Thu, Nov 12, 2015 at 9:25 PM, Andreas Kuhne <andrea...@suitopia.com> wrote:
Try to debug and check what your password value is after the set_password() statement.  Also have you checked the database after trying to create a user with the new method? It should be hashed in the database. This is stuff that should "just work" in django (it's regulated by the AbstractBaseUser and is the same that I am using in a project).

You did restart the django shell after changing the code?

2015-11-12 16:44 GMT+01:00 Benjamin Smith <benjamin...@gmail.com>:
I have changed user.set_password(self.cleaned_data["password"]) to user.set_password(password). But I am getting the same result.

On Thu, Nov 12, 2015 at 8:57 PM, Andreas Kuhne <andrea...@suitopia.com> wrote:
As aRkadeFR says, you seam to have mixed code there....

The row:
user.set_password(self.cleaned_data["password"])

is taken from a form somewhere and won't work. It should instead be :
user.set_password(password)

I suppose the password is going through to the create method via the kwargs argument at the end of you create method. But if you change like I said, everything should work.


Med vänliga hälsningar,

Andréas Kühne
Software Development Manager
Suitopia Scandinavia AB

2015-11-12 16:20 GMT+01:00 aRkadeFR <con...@arkade.info>:
Hello,

I don't quite get the code in your method: 'MyUserManager.create_user':
        user.set_password(self.cleaned_data["password"])

You're in your Manager method but call self.cleaned_data ?

You can set a breakpoint inside your method with pdb to see
what's going on with your fields?


On 11/12/2015 04:11 PM, Benjamin Smith wrote:
I have my own custom User model, and its own Manger too.

Models:

class MyUser(AbstractBaseUser, PermissionsMixin):
    email = models.EmailField(max_length=255, unique=True)
    first_name = models.CharField(max_length=35)
    last_name = models.CharField(max_length=35)
    username = models.CharField(max_length=70, unique=True)
    date_of_birth = models.DateField()
    is_active = models.BooleanField(default=True)
    is_admin = models.BooleanField(default=False)

    @property
    def is_staff(self):
        return self.is_admin

    def get_full_name(self):
        return ('%s %s') % (self.first_name, self.last_name)

    def get_short_name(self):
        return self.username

    objects = MyUserManager()
    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['first_name', 'last_name', 'username', 'date_of_birth']

Manager:

class MyUserManager(BaseUserManager):
    def create_user(self, email, first_name, last_name, username, date_of_birth, password=None, **kwargs):
        if not email:
            raise ValueError('User must have an email address')

        user = self.model(
            email=self.normalize_email(email),
            first_name=first_name,
            last_name=last_name,
            username=username,
            date_of_birth=date_of_birth,
            **kwargs
        )
        user.set_password(self.cleaned_data["password"])
        user.save(using=self._db)
        return user

    def create_superuser(self, email, first_name, last_name, username, date_of_birth, password, **kwargs):
        user = self.create_user(
            email,
            first_name=first_name,
            last_name=last_name,
            username=username,
            date_of_birth=date_of_birth,
            password=password,
            is_superuser=True,
            **kwargs
        )
        user.is_admin = True
        user.save(using=self._db)
        return user

Everything works when creating a new user without any errors. But when I try to login I can't. So I checked the user's email and password to confirm. Then I noticed that the password is displayed as plain text (eg. strongpassword), and when changed the admin form to get the hashed password using ReadOnlyPasswordHashField() I get an error inside the password field, even though I used set_password() for the Manger inside the create_user() function.

Invalid password format or unknown hashing algorithm

However, if I manually do set_password('strongpassword') for that user inside the console, then only the password is hashed. Could you please help me solve this problem. Thank you.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAM4YLWJNGdSj-rVAuhta_UA50Cjna8zg-c14FPxK%3DtdU49mngQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--   aRkadeFR

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/5644AE3A.5050609%40arkade.info.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CALXYUb%3D-V1fqJLJSbUaPUWaYX6srAf9s0qnZ0ZrTZOv9757o2w%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAM4YLWJ3tgcBSe_VcH6T6t4UbbA4EqTB0R0TueL2BjidZow7xg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2c07f199-d8f2-4028-ba59-1b575cbbc24bn%40googlegroups.com.

No comments:

Post a Comment